AlienVault® USM Appliance™

Manage Access to Customer Environments

Applies to Product: USM Appliance™, AlienVault OSSIM®

Important: The configurations outlined in this section are very important, and this is the section that most of our partners have problems with. Not taking this section seriously can result in massive headaches and turn into a time-suck. Please proceed with care.

Setting Up VPN

A managed USM Appliance service requires full-time connectivity to your USM Appliance installation. AlienVault includes virtual private network (VPN) tunneling software (OpenVPN) for creating point-to-point VPN links between components.

Follow the instructions in Configure a VPN Between USM Appliance Systems. Keep in mind that when using the VPN tunnel, you need to add the servers by their tunnel IP address, not the original IP address of the components. In addition:

  • In terms of routing and gateways, the only prerequisite is that the VPN client is able to access port 33800 of the external IP of the VPN server.
  • It is highly recommended NOT to have a USM Appliance Server act as both a VPN client and a VPN server (to the Federation Server and the USM Appliance Sensor, respectively) unless your Federation Server is hosted in AWS; see Federation Server in AWS Deployment Checklist.
  • You must change the VPN server's IP to its public IP; see Additional Step When the VPN server and VPN client Reside in Different Networks.
  • Disable client-to-client VPN communication.

    By default, client-to-client VPN communication is enabled. As an MSSP, you want to disable this so your clients cannot communicate with each other using the VPN setup.

    To disable client-to-client VPN communication:

    1. SSH to the Federation Server.
    2. On the AlienVault Setup main menu, select Jailbreak System to gain command line access.

      Select Yes when prompted. You will be in the root directory.

    3. Open the file /etc/openvpn/AVinfraestructure.conf.
    4. Locate the line "client-to-client" and comment it out by putting a "#" in front of it.
    5. Restart the VPN service:

      # service openvpn restart
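
Steps 3 and 4 above can be scripted so that the edit is idempotent, backed up, and verified before the service is restarted. This is an added example, not AlienVault tooling; the function names `c2c_enabled`, `disable_c2c` and `write_sample_conf` and the sample config contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not AlienVault tooling. Function names are hypothetical.

# Exit 0 if FILE has an active (uncommented) client-to-client directive.
c2c_enabled() {
    grep -Eq '^[[:space:]]*client-to-client([[:space:]]|#|;|$)' "$1"
}

# Comment out every active client-to-client line in FILE, keeping a
# one-time backup at FILE.bak. Prints "changed" or "unchanged".
disable_c2c() {
    conf=$1
    [ -f "$conf" ] || { echo "missing: $conf" >&2; return 2; }
    if ! c2c_enabled "$conf"; then
        echo unchanged
        return 0
    fi
    [ -e "$conf.bak" ] || cp -p "$conf" "$conf.bak" || return 1
    tmp=$(mktemp "$conf.XXXXXX") || return 1
    if ! sed -E 's/^([[:space:]]*)(client-to-client([[:space:]]|#|;|$))/\1#\2/' \
            "$conf" > "$tmp"; then
        rm -f "$tmp"
        return 1
    fi
    # Overwrite in place so the file keeps its owner and mode.
    cat "$tmp" > "$conf" || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"
    # Verify before reporting success; the caller restarts OpenVPN afterwards.
    if c2c_enabled "$conf"; then
        return 1
    fi
    echo changed
}

# Constructed sample config for offline testing (not a real AlienVault file).
write_sample_conf() {
    cat > "$1" <<'EOF'
# client-to-client is enabled below (constructed sample)
port 33800
dev tun
  client-to-client   # let clients reach each other
client-to-client
keepalive 10 120
EOF
}

# Usage: sh disable_c2c.sh /path/to/openvpn.conf
if [ "$#" -gt 0 ]; then
    disable_c2c "$1"
fi
```

On the Federation Server the target is /etc/openvpn/AVinfraestructure.conf, followed by `service openvpn restart`. With the directive disabled, OpenVPN hands client-to-client packets to the server's tun interface instead of routing them internally, so the host's forwarding and firewall rules must also not route between client addresses.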

Other Ways to Access Client USM Appliance Including Access to the Database

After you have set up the VPN connection between the Federation Server and your client's USM Appliance, you can access the client USM Appliance over HTTPS or SSH from the Federation Server, using the VPN IP address. In this section, we will cover other ways to connect to your client's USM Appliance, including displaying events from your client's USM Appliance database directly in the Federation Server web UI.